Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #1316 from Neilpang/alias 

Alias
pull/1320/head
neil 7 years ago
committed by GitHub
parent
2d1e9abb60 1f7df33e28
commit
61eaa44cf8
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 67 additions and 9 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      README.md
  2. 71
      acme.sh

1
README.md
View File

@ -76,6 +76,7 @@ https://github.com/Neilpang/acmetest
- Apache mode - Apache mode
- Nginx mode - Nginx mode
- DNS mode - DNS mode
- [DNS alias mode](https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode)
- [Stateless mode](https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode) - [Stateless mode](https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode)

71
acme.sh
View File

@ -47,6 +47,7 @@ DEFAULT_DNS_SLEEP=120
NO_VALUE="no" NO_VALUE="no"
W_TLS="tls" W_TLS="tls"
DNS_ALIAS_PREFIX="="
MODE_STATELESS="stateless" MODE_STATELESS="stateless"
@ -105,6 +106,8 @@ _PREPARE_LINK="https://github.com/Neilpang/acme.sh/wiki/Install-preparations"
_STATELESS_WIKI="https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode" _STATELESS_WIKI="https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode"
_DNS_ALIAS_WIKI="https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode"
_DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead." _DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
_DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR" _DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR"
@ -2859,8 +2862,9 @@ _clearupdns() {
_debug "skip dns." _debug "skip dns."
return return
fi fi
_info "Removing DNS records."
ventries=$(echo "$vlist" | tr ',' ' ') ventries=$(echo "$vlist" | tr ',' ' ')
_alias_index=1
for ventry in $ventries; do for ventry in $ventries; do
d=$(echo "$ventry" | cut -d "$sep" -f 1) d=$(echo "$ventry" | cut -d "$sep" -f 1)
keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2) keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2)
@ -2874,7 +2878,7 @@ _clearupdns() {
fi fi
if [ "$vtype" != "$VTYPE_DNS" ]; then if [ "$vtype" != "$VTYPE_DNS" ]; then
_info "Skip $d for $vtype"
_debug "Skip $d for $vtype"
continue continue
fi fi
@ -2902,7 +2906,19 @@ _clearupdns() {
if _startswith "$_dns_root_d" "*."; then if _startswith "$_dns_root_d" "*."; then
_dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')" _dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')"
fi fi
_d_alias="$(_getfield "$_challenge_alias" "$_alias_index")"
_alias_index="$(_math "$_alias_index" + 1)"
_debug "_d_alias" "$_d_alias"
if [ "$_d_alias" ]; then
if _startswith "$_d_alias" "$DNS_ALIAS_PREFIX"; then
txtdomain="$(echo "$_d_alias" | sed "s/$DNS_ALIAS_PREFIX//")"
else
txtdomain="_acme-challenge.$_d_alias"
fi
else
txtdomain="_acme-challenge.$_dns_root_d" txtdomain="_acme-challenge.$_dns_root_d"
fi
if ! $rmcommand "$txtdomain" "$txt"; then if ! $rmcommand "$txtdomain" "$txt"; then
_err "Error removing txt for domain:$txtdomain" _err "Error removing txt for domain:$txtdomain"
@ -3384,7 +3400,7 @@ issue() {
_post_hook="${11}" _post_hook="${11}"
_renew_hook="${12}" _renew_hook="${12}"
_local_addr="${13}" _local_addr="${13}"
_challenge_alias="${14}"
#remove these later. #remove these later.
if [ "$_web_roots" = "dns-cf" ]; then if [ "$_web_roots" = "dns-cf" ]; then
_web_roots="dns_cf" _web_roots="dns_cf"
@ -3437,6 +3453,11 @@ issue() {
else else
_cleardomainconf "Le_LocalAddress" _cleardomainconf "Le_LocalAddress"
fi fi
if [ "$_challenge_alias" ]; then
_savedomainconf "Le_ChallengeAlias" "$_challenge_alias"
else
_cleardomainconf "Le_ChallengeAlias"
fi
Le_API="$ACME_DIRECTORY" Le_API="$ACME_DIRECTORY"
_savedomainconf "Le_API" "$Le_API" _savedomainconf "Le_API" "$Le_API"
@ -3658,6 +3679,7 @@ $_authorizations_map"
#add entry #add entry
dnsadded="" dnsadded=""
ventries=$(echo "$vlist" | tr "$dvsep" ' ') ventries=$(echo "$vlist" | tr "$dvsep" ' ')
_alias_index=1
for ventry in $ventries; do for ventry in $ventries; do
d=$(echo "$ventry" | cut -d "$sep" -f 1) d=$(echo "$ventry" | cut -d "$sep" -f 1)
keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2) keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2)
@ -3675,7 +3697,18 @@ $_authorizations_map"
if _startswith "$_dns_root_d" "*."; then if _startswith "$_dns_root_d" "*."; then
_dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')" _dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')"
fi fi
_d_alias="$(_getfield "$_challenge_alias" "$_alias_index")"
_alias_index="$(_math "$_alias_index" + 1)"
_debug "_d_alias" "$_d_alias"
if [ "$_d_alias" ]; then
if _startswith "$_d_alias" "$DNS_ALIAS_PREFIX"; then
txtdomain="$(echo "$_d_alias" | sed "s/$DNS_ALIAS_PREFIX//")"
else
txtdomain="_acme-challenge.$_d_alias"
fi
else
txtdomain="_acme-challenge.$_dns_root_d" txtdomain="_acme-challenge.$_dns_root_d"
fi
_debug txtdomain "$txtdomain" _debug txtdomain "$txtdomain"
txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _url_replace)" txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _url_replace)"
_debug txt "$txt" _debug txt "$txt"
@ -4228,7 +4261,7 @@ renew() {
fi fi
IS_RENEW="1" IS_RENEW="1"
issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress"
issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias"
res="$?" res="$?"
if [ "$res" != "0" ]; then if [ "$res" != "0" ]; then
return "$res" return "$res"
@ -4292,6 +4325,17 @@ signcsr() {
return 1 return 1
fi fi
_real_cert="$3"
_real_key="$4"
_real_ca="$5"
_reload_cmd="$6"
_real_fullchain="$7"
_pre_hook="${8}"
_post_hook="${9}"
_renew_hook="${10}"
_local_addr="${11}"
_challenge_alias="${12}"
_csrsubj=$(_readSubjectFromCSR "$_csrfile") _csrsubj=$(_readSubjectFromCSR "$_csrfile")
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
_err "Can not read subject from csr: $_csrfile" _err "Can not read subject from csr: $_csrfile"
@ -4337,7 +4381,7 @@ signcsr() {
_info "Copy csr to: $CSR_PATH" _info "Copy csr to: $CSR_PATH"
cp "$_csrfile" "$CSR_PATH" cp "$_csrfile" "$CSR_PATH"
issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength"
issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias"
} }
@ -5312,6 +5356,8 @@ Commands:
Parameters: Parameters:
--domain, -d domain.tld Specifies a domain, used to issue, renew or revoke etc. --domain, -d domain.tld Specifies a domain, used to issue, renew or revoke etc.
--challenge-alias domain.tld The challenge domain alias for DNS alias mode: $_DNS_ALIAS_WIKI
--domain-alias domain.tld The domain alias for DNS alias mode: $_DNS_ALIAS_WIKI
--force, -f Used to force to install or force to renew a cert immediately. --force, -f Used to force to install or force to renew a cert immediately.
--staging, --test Use staging server, just for test. --staging, --test Use staging server, just for test.
--debug Output debug info. --debug Output debug info.
@ -5463,6 +5509,7 @@ _process() {
_domain="" _domain=""
_altdomains="$NO_VALUE" _altdomains="$NO_VALUE"
_webroot="" _webroot=""
_challenge_alias=""
_keylength="" _keylength=""
_accountkeylength="" _accountkeylength=""
_cert_file="" _cert_file=""
@ -5652,6 +5699,16 @@ _process() {
fi fi
shift shift
;; ;;
--challenge-alias)
cvalue="$2"
_challenge_alias="$_challenge_alias$cvalue,"
shift
;;
--domain-alias)
cvalue="$DNS_ALIAS_PREFIX$2"
_challenge_alias="$_challenge_alias$cvalue,"
shift
;;
--standalone) --standalone)
wvalue="$NO_VALUE" wvalue="$NO_VALUE"
if [ -z "$_webroot" ]; then if [ -z "$_webroot" ]; then
@ -5973,13 +6030,13 @@ _process() {
uninstall) uninstall "$_nocron" ;; uninstall) uninstall "$_nocron" ;;
upgrade) upgrade ;; upgrade) upgrade ;;
issue) issue)
issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address"
issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias"
;; ;;
deploy) deploy)
deploy "$_domain" "$_deploy_hook" "$_ecc" deploy "$_domain" "$_deploy_hook" "$_ecc"
;; ;;
signcsr) signcsr)
signcsr "$_csr" "$_webroot"
signcsr "$_csr" "$_webroot" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias"
;; ;;
showcsr) showcsr)
showcsr "$_csr" "$_domain" showcsr "$_csr" "$_domain"

Write Preview
Loading…
Cancel
Save